
1191 matches found

OSV
added 2020/12/31 8:15 a.m. | 1 view

CVE-2020-35851

HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch command injection attacks remotely and execute arbitrary system commands...

9.8 CVSS | 7.5 AI score
Exploits 0 | References 1
CVE
added 2020/12/31 7:45 a.m. | 49 views

CVE-2020-35741

HGiga MailSherlock contains a cross-site scripting (XSS) vulnerability: it does not validate user parameters on multiple login pages, allowing an attacker to inject JavaScript syntax. The CVE entry CVE-2020-35741 is documented across multiple sources (NVD and CNVD) with this behavior. Impact deta...

7 CVSS | 6.1 AI score | 0.00294 EPSS
Exploits 0 | References 1 | Affected Software 4
CNNVD
added 2020/12/31 12:00 a.m. | 3 views

MailSherlock Cross-Site Scripting Vulnerability

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock failing to properly validate specific URL parameters. An attacker can exploit...

7 CVSS | 5.7 AI score | 0.00294 EPSS
Exploits 0 | References 2
CNVD
added 2020/12/21 12:00 a.m. | 3 views

Xinuos Openserver Cross-Site Scripting Vulnerability

Xinuos Openserver is a FreeBSD-based operating system from the American company Xinuos. Xinuos suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the application parameter section. A remote attacker can exploit this vulnerability by...

6.1 CVSS | 6 AI score | 0.01051 EPSS
Exploits 3 | References 1
CNNVD
added 2020/12/18 12:00 a.m. | 4 views

Xinuos Openserver Cross-Site Scripting Vulnerability

Xinuos Openserver is a FreeBSD-based operating system from the American company Xinuos. Xinuos suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the application parameter section. A remote attacker can exploit this vulnerability by...

6.1 CVSS | 6.4 AI score | 0.01051 EPSS
Exploits 3 | References 5
OSV
added 2020/12/04 8:15 a.m. | 23 views

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1 CVSS | 6.2 AI score
Exploits 0 | References 6
NVD
added 2020/12/04 8:15 a.m. | 11 views

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1 CVSS | 6.1 AI score | 0.0071 EPSS
Exploits 1 | References 6
CNVD
added 2020/11/11 12:00 a.m. | 3 views

ILIAS Remote Code Execution Vulnerability

ILIAS is a powerful open source learning management system for developing and implementing web-based e-learning. A remote code execution vulnerability exists in ILIAS 6.4. The vulnerability stems from a parameter validation error on Magpie RSS data. An attacker can exploit this vulnerability to...

8.8 CVSS | 8.1 AI score | 0.02713 EPSS
Exploits 1 | References 1
Prion
added 2020/11/10 4:15 p.m. | 12 views

Memory corruption

The frame touch module does not validate parameter lengths when processing specific parameters, which causes out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device...

4.9 CVSS | 5.4 AI score | 0.00045 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2020/11/02 7:15 a.m. | 18 views

CVE-2020-11162

Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

7.8 CVSS | 8 AI score | 0.00054 EPSS
Exploits 0 | References 2
Prion
added 2020/11/02 7:15 a.m. | 24 views

Buffer overflow

Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

4.6 CVSS | 7.9 AI score | 0.00054 EPSS
Exploits 0 | References 2
Cvelist
added 2020/11/02 6:21 a.m. | 21 views

CVE-2020-11162

Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

8 AI score | 0.00054 EPSS
Exploits 0 | References 1
HackerOne
added 2020/10/25 4:05 p.m. | 9 views

Valve: Add any depot to your app and access its contents without decryption key; via /apps/setcommonredists

The summary is: A parameter-validation error on an endpoint used to configure redistributable depots allowed external depots to be added to an existing app without the required decryption key...

7 AI score
Exploits 0
OSV
added 2020/10/21 9:15 p.m. | 24 views

PYSEC-2020-295

In TensorFlow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...

7.5 CVSS | 2.1 AI score | 0.00239 EPSS
Exploits 1 | References 3
CNVD
added 2020/10/20 12:00 a.m. | 1 view

HUAWEI Taurus-AL00A Information Disclosure Vulnerability

The Huawei Taurus-AL00A is a smartphone from the Chinese company Huawei. A security vulnerability exists in the HUAWEI Taurus-AL00A XFRM module. The vulnerability stems from a failure to adequately validate parameters, which can be exploited by an authenticated attacker by performing certa...

5.5 CVSS | 6.4 AI score | 0.00025 EPSS
Exploits 0 | References 1
NVD
added 2020/10/14 1:15 p.m. | 9 views

CVE-2020-24551

IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials...

6.1 CVSS | 0.002 EPSS
Exploits 0 | References 1
OSV
added 2020/10/14 1:15 p.m. | 2 views

CVE-2020-24551

IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials...

6.1 CVSS | 5.6 AI score
Exploits 0 | References 1
CVE
added 2020/10/14 12:45 p.m. | 31 views

CVE-2020-24551

The CVE-2020-24551 entry applies to IProom MMC+ Server login page, where improper validation of specific parameters enables an open redirect. The vulnerability is network-driven; CVSS details from NVD indicate both CVSS v2 (base 5.8) and CVSS v3.1 (base 6.1) with no authentication, user interact...

6.1 CVSS | 6.2 AI score | 0.002 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2020/09/24 6:15 p.m. | 11 views

Input validation

A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. A...

3.6 CVSS | 6 AI score | 0.00064 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2020/09/23 1:15 a.m. | 0 views

CVE-2019-16025

A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed...

4.8 CVSS | 6.2 AI score
Exploits 0 | References 1